Threat Encyclopedia

Foxit.Reader.JavaScript.popUpMenu.Use.After.Free

Description

This indicates an attack attempt to exploit a Memory Corruption Vulnerability in Foxit Software PhantomPDF
A remote attacker could exploit this vulnerability by enticing a user to open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code in the context of the application.

Affected Products

Foxit Software Foxit Reader 9.3.0.10826 and earlier
Foxit Software PhantomPDF 8.3.8.39677 and earlier

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
https://www.foxitsoftware.com/support/security-bulletins.php

CVE References

CVE-2019-6730